Re: ECN and IPsec tunnels
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Black," == Black, David <Black_David@emc.com> writes:
Black,> Those with good memories may recall discussion of what to do
Black,> about the fact that IPsec tunnels ignore and discard the DS field
Black,> on tunnel egress, meaning that diff-serv markings won't propagate
Black,> across tunnel egress. The promised draft on ECN and IPsec
Black,> tunnels has been written (it's rather longer than I thought it
Black,> would be). This is the precursor to any work on diff-serv and
Black,> IPsec tunnels -- I invite anyone who's interested to take a look
Black,> and send comments to the authors (including yours truly).
Black,> Reading the ECN RFC (2481) before this draft is strongly
Black,> recommended. We also got bitten by the submission deadline, and
Black,> hence the draft is at:
I would suggest that or'ing the outer ECN bits with the inner ECN
bits on tunnel egress is the thing to do. This is something that should be
negotiated as an SA attribute by IKE.
:!mcr!: | Solidum Systems Corporation, http://www.solidum.com
Michael Richardson |For a better connected world,where data flows faster<tm>
Personal: http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html (firstname.lastname@example.org). PGP key available.
Corporate: firstname.lastname@example.org.
-----BEGIN PGP SIGNATURE-----
Comment: Processed by Mailcrypt 3.5.1, an Emacs/PGP interface
-----END PGP SIGNATURE-----
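
The egress behaviour suggested in the reply above, sketched in C as an added example (not code from the post or from the draft it discusses). The `propagate_ecn` flag is a hypothetical stand-in for the IKE-negotiated SA attribute, the bit positions follow RFC 2481, and the sample header is constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define ECN_MASK 0x03u /* RFC 2481: ECT = 0x02, CE = 0x01 in the TOS octet */

/* Hypothetical per-SA flag standing in for the IKE-negotiated attribute. */
struct sa_ecn_policy { int propagate_ecn; };

/* Internet checksum over an IPv4 header; yields 0 over a valid header. */
uint16_t ipv4_header_checksum(const uint8_t *hdr, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)hdr[i] << 8) | hdr[i + 1];
    while (sum >> 16)
        sum = (sum & 0xffffu) + (sum >> 16);
    return (uint16_t)~sum;
}

static void ipv4_fix_checksum(uint8_t *hdr, size_t ihl)
{
    hdr[10] = hdr[11] = 0;              /* zero the field, then recompute */
    uint16_t csum = ipv4_header_checksum(hdr, ihl);
    hdr[10] = (uint8_t)(csum >> 8);
    hdr[11] = (uint8_t)(csum & 0xff);
}

/* Tunnel egress: OR the outer ECN bits into the inner IPv4 header (the outer
 * DS bits are not copied). Returns 0 on success, -1 on a malformed header. */
int ecn_tunnel_egress(const struct sa_ecn_policy *sa, uint8_t outer_tos,
                      uint8_t *inner, size_t inner_len)
{
    size_t ihl = inner_len >= 20 ? (size_t)(inner[0] & 0x0f) * 4 : 0;
    if (ihl < 20 || ihl > inner_len || (inner[0] >> 4) != 4)
        return -1;
    if (sa->propagate_ecn) {            /* only when the SA negotiated it */
        inner[1] |= (uint8_t)(outer_tos & ECN_MASK);
        ipv4_fix_checksum(inner, ihl);  /* TOS changed, so repair checksum */
    }
    return 0;
}

/* Constructed sample: 20-byte inner IPv4 header with a valid checksum. */
void make_sample_inner(uint8_t buf[20], uint8_t tos)
{
    static const uint8_t t[20] = { 0x45, 0, 0, 20, 0, 1, 0, 0, 64, 6, 0, 0,
                                   10, 0, 0, 1, 10, 0, 0, 2 };
    memcpy(buf, t, 20);
    buf[1] = tos;
    ipv4_fix_checksum(buf, 20);
}
```

Because the inner TOS octet changes on egress, the inner IPv4 header checksum has to be repaired, which is why the merge and the checksum fix sit in the same step.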